Privacy Statement

We take your privacy seriously

1. Identity
This is the privacy statement of Nuclear Research and consultancy Group v.o.f., registered in the Trade Register of the Chamber of Commerce under number 37082135 (“NRG”).

2. General
NRG respects the privacy of all individuals whose personal data we collect. This privacy statement relates to the processing of personal data for the purposes described in this document.

This privacy statement applies to the processing of personal data by NRG on the following websites:

• www.nrg.eu and its related subdomains (e.g., https://www.nrg.eu/solutions and https://www.nrg.eu/about-us/contact)
• www.pallasreactor.com
• www.werkenbijnrg.nl
• www.30000perdag.nl
• www.ensuringnuclearperformance.com
• www.advancingnuclearmedicine.com
• www.nuclearinnovationconference.eu
• www.field-lab.nl

NRG is not responsible for the privacy policies of other sites accessible through links on the NRG or NDRIS website. If you access third-party websites via our websites, these third parties may place cookies. We recommend consulting the privacy statement and disclaimer of these third-party websites when accessing them through our sites.

NRG processes personal data in compliance with Dutch privacy legislation. Since May 25, 2018, this has been governed by the General Data Protection Regulation (GDPR).

NRG ensures appropriate security for the personal data it handles, in line with applicable legal requirements.

We will not provide your data to third parties without your prior consent unless it is necessary for the purpose for which you have provided your personal data, the execution of a contract with you, or if we are legally required to do so.

3. Purposes of Processing
NRG collects personal data for various purposes, such as providing information to you, corresponding with you, offering you quotations or executing agreements with the organization you work for or represent, processing applications, registering for training programs, and managing visitor access and security at our locations.

NRG only uses your personal data for the purpose for which you provided it or in carrying out a legally mandated task. We will not process your personal data for purposes other than those stated below unless you have given prior consent or we are legally required to do so.

3.1 Information Requests
When you contact us, we store the information you provide, such as your name, postal address, email address, type of request, and any additional information you submit. The information you provide in any of our forms is not shared with third parties.

3.2 Training Registration
When you register for a training course or program through our website, we store the information you provide, such as your name, postal address, email address, training details, certifications obtained, and any other information you submit. This information is only shared with third parties when necessary for the training, examination, and certification issuance.

3.3 (Open) Job Applications
If you apply for a job at NRG or respond to a vacancy on an NRG website, you may provide personal information such as your CV. We use this information to process your application and retain it for up to four weeks after the application process is complete. With your consent, NRG may retain your information for up to twelve months for potential future vacancies. You can request the deletion of your personal data at any time.

3.4 Camera Surveillance, Access Control, Visitor Registration, and License Plate Registration
NRG processes personal data for camera surveillance, access control, visitor registration, and license plate registration, as required by law. For these purposes, NRG processes names, addresses, email addresses, phone numbers, company names, and vehicle license plate numbers.

3.5 NDRIS
NRG processes personal data in carrying out its activities within the National Dose Registration and Information System (NDRIS).
On behalf of the Dutch Ministry of Social Affairs and Employment, NRG manages NDRIS, the Dutch system for registering radiation doses for radiological workers. In addition to this privacy statement, the Privacy Protection Regulations for NDRIS Personal Data apply to the processing of personal data by NDRIS.

3.6 Business Relationships
NRG processes personal data of individuals working for companies with whom we do business to maintain the business relationship, provide information about our services, products, and activities, and manage contracts. NRG may share or transmit this data to third parties when necessary to achieve the objectives of the business relationship, such as subcontractors providing services on NRG’s behalf.

3.7 Research Purposes
We use anonymized, non-identifiable information for creating and maintaining best practices, statistics, research purposes, and benchmarking.

4. Legal Basis
NRG processes personal data based on the following legal grounds:

• Legal Obligation: For example, NRG is legally required to carry out camera surveillance, access control, visitor registration, and license plate registration.
• Public Task: For example, managing NDRIS as a public task.
• Contract: For example, retaining your data for a training course you have purchased or plan to purchase.
• Consent: For example, in the recruitment process, where we request your consent to retain your data for 12 months for potential future vacancies.
• Legitimate Interest: For example, retaining your data to facilitate (future) requests if you contact us as a customer or job applicant.

5. Recipients and Transfers
NRG does not share your data with third parties without your prior consent unless it is necessary for the purpose for which you provided your personal data, for executing a contract, or if required by law. When required under GDPR, we enter into a processing agreement with third parties to ensure the adequate protection of your personal data. NRG and its (sub)processors store your data exclusively within the European Economic Area (EEA) and the United Kingdom (UK). For transfers outside the EEA, appropriate safeguards are in place to secure the data. Transfers to the UK are covered by an adequacy decision of the European Commission.

6. Retention Period
NRG retains your personal data no longer than necessary for the purpose of processing or to comply with our legal obligations.

7. Rights of Data Subjects
Under the GDPR, you have several rights concerning the processing of your personal data:

• Right of Access: You can access the personal data we have collected about you.
• Right to Rectification: You can request corrections or additions to your data if it is inaccurate, incomplete, or irrelevant.
• Right to Erasure: You can request the deletion of your data, provided it is no longer necessary for its original purpose.
• Right to Object: You can object to the processing of your data or request restrictions on processing.
• Right to Data Portability: In specific situations, you can request the transfer of your personal data to another party.
• Right Not to Be Subject to Automated Decision-Making: NRG does not use automated decision-making processes that have legal consequences.

To exercise your rights, email privacy@nrg.eu. NRG aims to handle your request within four weeks.

If you have a complaint about the processing of your personal data or our response to your request, we encourage you to contact us at privacy@nrg.eu. Additionally, you have the right to file a complaint with the Dutch Data Protection Authority.

8. Data Protection Officer
NRG has not appointed a Data Protection Officer but employs a Privacy Officer who can be contacted via privacy@nrg.eu. If you have questions about this privacy statement or how NRG processes your data, please reach out to privacy@nrg.eu.

9. Amendments to the Privacy Statement
NRG reserves the right to amend this privacy statement. Changes will be published on this website. We recommend checking this privacy statement regularly. This privacy statement was last updated on 26/11/2024.